usershare acl parser?
Jeremy Allison
jra at samba.org
Sun Dec 11 17:39:59 GMT 2005
On Sun, Dec 11, 2005 at 10:58:20PM +1100, tridge at samba.org wrote:
> Jeremy,
>
> > Ok, I was wrong - I should have used an example of :
> >
> > "D:P(A;;GA;;;SY)(A;;GRGWGX;;;BA)(A;;GR;;;WD)"
>
> Why do you want SEC_DESC_DACL_PROTECTED ? (the 'P' flag). As there is
> no parent, its not needed and is pretty obscure at any time.
>
> the 'SY' ACE is pointless as its reasonable to assume 'local system'
> can do whatever it darn well pleases to a local resource. The GWGWGX
> is also a bit verbose - using GA (generic all) is much simpler and
> probably what you really wanted.
>
> So I suspect what you wanted was this:
>
> D:(A;;GA;;;BA)(A;;GR;;;WD)
>
> which translates as "all rights for admins, everyone else read".
You're missing the point. This is not a sane way of specifying
this for a UNIX admin. Compare that with :
Administrators:F,Everyone:R
Which is the syntax I'm proposing.
Jeremy.
More information about the samba-technical
mailing list